
SASE and Zero Trust: Four Requirements to Get Beyond “Vision” and Get it Right


By combining SASE and Zero Trust, you can consistently apply and enforce security performance policies across your entire network—and give consumers the security and performance they expect.

Gartner coined the term “SASE” (Secure Access Service Edge) less than two years ago, before anyone had heard of “COVID-19.” At that time, Gartner described SASE as a visionary, dynamically created, policy-based security framework that could better protect the explosion of endpoint devices at the network edge.

SASE goes beyond the capabilities of traditional network security and SD-WAN security because it is specifically built for today’s realities, where the data center is no longer a “center,” the corporate network is a myriad of networks, every user is a branch office, and there is no end to new endpoints.

When combined with a Zero Trust (ZT) approach, in which everyone and everything is authenticated before access is granted, SASE enables companies to consistently apply and enforce security across their entire landscape—continuously and at scale.

The pandemic has forced a new model of network security and made it an urgent priority for many companies. Post-pandemic working-from-home projections further intensify the need for distributed security, especially for companies delivering new cloud-native software products that will be consumed at the edge.

SASE with Zero Trust is emerging as the best option for this new world. But the question remains: how will you transform the “promise” and “potential” of SASE/ZT into real results, right now? How can you get control over the new norm of remote workers and distributed applications, and give consumers the security and performance they expect?

This blog gives you four focal points for addressing those questions so you can harness a SASE/ZT framework that really works for your developers, your consumers, and your business.

#1: Test every conceivable deployment environment.

As you develop products and services for the SASE/ZT marketplace, make sure you test, validate and assure your solutions by pushing your software to the limit from every angle. Make sure your offerings will work in any network, from any cloud, under any set of circumstances, so you can accelerate your learning curve and deliver better outcomes for your customers.

Test and validate with fully virtualized testing and validation solutions that can be deployed in any cloud environment—public cloud, private cloud, telco cloud, edge cloud, multi-cloud, hybrid cloud or local cloud.

These principles apply whether you’re creating a 5G Core or Metro Edge, operating a quality assurance lab, integrating with a CI/CD developer toolchain, and more. Make sure you have holistic SASE/ZT testing, validation, and assurance capabilities. Whether your architecture is based on virtual machines, containers, or bare metal infrastructure, you need to maintain maximum flexibility of deployment across all possible network scenarios.

Of course, it is critical to both validate the design of the service prior to deployment and assure that security and performance are living up to expectations in the actual production environment. Get your testing from a source that has the tools and experience to do both equally well.

#2: Assess with real traffic, not just “simulation.”

You need to be able to fully emulate your application environment at scale and you need the ability to run attack scenarios in the way a hacker would, entering the network the same way and launching the same code or evasion techniques. With simulation, it’s just play-acting.

Real-world traffic generation and test methodologies give you an accurate representation of all facets of the networking landscape—from discrete application emulation behaviors to fully compliant encrypted transmissions, and the ability to inject impairments, system errors or artificial latencies—that help you understand how your solution will perform under duress.

These capabilities ensure that any product or service under development can be stressed with every scenario that might occur in a production environment, giving the developer the peace of mind that their product is prepared for all eventualities.

#3: Measure the impact of the vulnerabilities you identify.

This is a side benefit of doing realistic attack emulation. Simulating attacks with basic packet replay can lead to false results. With stateful emulation you can assess and quantify the impacts of your security countermeasures in real time against real attack vectors, and you can also evaluate the impact your security measures have on your business model.

For example, if application performance is paramount and cannot be sacrificed due to security measures, you can identify security policies that degrade performance without providing additional security coverage. Your teams can make changes and verify the balance between performance and security continuously.

#4: Make sure the testing is objective and vendor-neutral.

When you look at the history of any new innovation in the networking arena, you have to ask one critical question before you adopt the technology: Who’s setting the standards?

Look no further than SD-WAN. Widespread concern over a lack of standards initially threatened multi-vendor interoperability. Vendors with hidden agendas and competing charters made a host of claims about their products and services, leading to confusion and complexity. Thankfully, the community has responded in the Metro Ethernet Forum (MEF) to instill order by creating consensus in the form of SD-WAN certifications.

Simply put, work with a testing solution provider that works with the community to ensure that its solutions conform to industry standards and specifications—not just MEF, but all segments of the network communications market, including high-speed Ethernet, Wi-Fi 6, 5G, Global Positioning and Timing and Lifecycle Service Assurance, and, of course, SASE and Zero Trust.

If you can get independent, standards-based, vendor-neutral testing, validation, and assurance of security and performance in the SASE/ZT environment, you may just attain something that’s exceedingly rare today: peace of mind.

One example shows how everyone wins

How does the holistic, realistic, standards-based approach to SASE/ZT validation outlined in this blog benefit real-world companies? Here’s one quick example. I’ll leave the company names out, but the story is true.

One of our clients, a large, high-speed telecom service provider, had a request from a customer, a global financial services enterprise. The financial services firm provides a guest network to its end customers in branch offices, and they wanted assurance that an edge security managed service could be integrated into its SASE framework without degrading the user experience.

The company did not want a “best guess.” They wanted a reality check. Spirent was able to validate that the security edge technologies of SASE were operating properly in the policy domain WITHOUT creating latencies in the performance domain.

Spirent tested and confirmed how many users could be supported. Along the way, our testing also uncovered new insights, such as:

  • What types of traffic performed most efficiently

  • What could potentially cause performance slow-downs

  • How those slow-downs could be avoided

  • Capacity of VPN connectivity

  • And traffic anomalies that needed further attention.

This created a win for everyone:

  • The telecom service provider got an objective validation of network performance

  • The security service provider gained insights into performance issues it hadn’t accounted for

  • The financial services customer validated that its guest network met user expectations

  • And Spirent proved its value in the new world of SASE/ZT security testing and validation

To quickly recap: by combining SASE and Zero Trust, you can consistently apply and enforce security performance policies across your entire network. This comes with a number of benefits:

  • Stronger network security with fewer layers to manage

  • Centralized policy management

  • Lower costs with higher scalability

  • And a single view of your entire network

And if you do it right, you can give consumers the security and performance they expect.


Dave Larson

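General Manager, Cloud and IP

Dave is General Manager of the Cloud and IP business at Spirent Communications, responsible for the company's overall technology vision and strategy. Dave leads Spirent's advanced technology team, which incubates forward-looking test, measurement, and assurance solutions for the cloud-native space and integrates them across all of Spirent's product lines. Dave has more than 25 years of experience in networking, network security, and cloud architecture, and has worked in both emerging technology start-ups and large public companies. Before joining Spirent, Dave was Vice President and General Manager of the data center networking business at Hewlett Packard Enterprise, as well as Chief Technologist for networking, security, and advanced cloud technology and strategy. Before that, Dave was Chief Operating Officer/Chief Technology Officer of Corero Network Security, a developer of terabit-scale DDoS mitigation solutions for service providers. Prior to that, Dave served as Vice President and Chief Technology Officer for advanced technology at HP Networking. Dave has held senior product and technology roles at several companies, including 3Com, TippingPoint, Xedia (later acquired by Lucent), Sandburst (later acquired by Broadcom), and Tizor Systems (later acquired by Netezza/IBM). Dave holds a Bachelor of Science degree in physics from Gordon College, located in Wenham, Massachusetts.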